Global online businesses rely on InfiSecure's advanced bot mitigation service to stop automated malicious threats
Sign-up for a trial
InfiSecure is a bot mitigation platform. It provides real-time protection against automated threats to online businesses.
InfiSecure protects a website against OWASP Top 20f automated threats. To name a few, InfiSecure protects a website against automated threats that cause the following problems:
Web & Price Scraping Protection
Account Takeover Protection
Credential Stuffing Protection
Carding Fraud Protection
Form Spam Prevention
Skewed Analytics Prevention
Inventory Exhaustion Protection
The Open Web Application Security Project (OWASP) is a worldwide non-profit organization focused on improving the security of software. The OWASP Top 20f represents the most critical automated threats that web applications are facing today. Here is a list of OWASP Top 20f Automated Threats.
InfiSecure can block all automated web scraping. Along with scraping, all other malicious activities like bot abuse and fake form actions are also blocked.
Yes, InfiSecure's robust bot detection algorithms detect all bad bots - even those that use sophisticated methods like mimicking human behavior or IP rotation.
All good crawlers like Google Bot or Bing Bot are whitelisted by default in InfiSecure bot protection platform. So they will never be stopped. In fact, by using InfiSecure and stopping web scraping, your SEO results will improve significantly.
InfiSecure automates bot traffic detection and does not require any manual intervention. However, a dashboard is provided to the user to check details of every bot being blocked and details of all genuine bots/crawlers. A user can change bot mitigation settings on the dashboard.
InfiSecure is the most accurate bot detection and mitigation platform. We assure you Zero False Positives. We triple check possible scrapers rather than run the risk of alienating a genuine user by using the most advanced behavioral fingerprinting technology.
InfiSecure gives full-control over website traffic. You can select what bots you want to block and which crawlers you want to allow on your website. Other than this, you can also blacklist and whitelist individual IPs and Domains via the dashboard.
Yes, we detect bot JS and non-JS based scraping tools/bots due to our API based implementation.
You can block Datacenter IPs, TOR Exit Nodes, Proxy IPs, InfiSecure Global Threat Database IPs and others directly from the dashboard with a simple on/off feature.
Yes, you can decide which countries you want to block the traffic from and InfiSecure takes care of the rest. You can even block crawlers from a specific country.
InfiSecure protects against application-level DDoS attack. But network-level attacks will not be blocked by InfiSecure. Other methods including CDN and traditional Firewalls should be used for network-level DDoS protection.
InfiSecure is a non-intrusive API. The call to InfiSecure's service is handled from client code and uses a timeout parameter to control the response time of the API call. We are hosted on the best cloud platforms globally and we go to great lengths to ensure that our service never goes down. In the highly unlikely scenario that there is unacceptable latency, our system is automatically suspended to ensure that your business remains unaffected.
Initially, when the website is in a monitor mode, there will be a latency of around 50-70 milliseconds but once you start blocking the bad bots, InfiSecure improves the website load time. You save both server capacity and network bandwidth when you optimize your website traffic using InfiSecure’s block bad bot feature.
Yes, InfiSecure supports HTTTPS traffic.
You can use the Whitelist IP feature of InfiSecure and the third-party tool will be allowed to enter your website.
We recommend that you put a block against all the options under InfiSecure threat response page to get the best value from the product. You can also put a custom action as per your business need.
Once you integreate with InfiSecure, the default mode of bot protection is monitor mode. You can change that when you want to start blocking, throw a CAPTCHA or serve a alternate page.
InfiSecure works well even on a mobile version of your site.
Signup for our free trial. We will create an account for you through which you can start integrating InfiSecure service to your application.
To integrate InfiSecure bot protection, you just need to include a few lines of JS + REST API code into your website code. (we have cloud integrators for all popular programming languages).
Once you integrate the API call in your code, whenever the page loads we will intimate you if the incoming traffic is a human or a bad bot.
You can either monitor, block, show captcha or feed fake data as per your preference based on InfiSecure’s response code.
You can configure the action for your web traffic in the threat response settings of InfiSecure Dashboard Portal.
Monitor - InfiSecure inspects requests but does not take any action. You get the visibility of the bot traffic and bad bot activity on your website.
CAPTCHA – You need to set up a CAPTCHA solution , if you want to set up a CAPTCHA verification test for suspicious requests.
Block – You can choose to block a web request from a bad bot. When InfiSecure takes action on a bad request, we serve a page that informs the client that we are restricting access to the page.
Custom – You can create your custom logic that would be served to bad bot requests.
InfiSecure is a SaaS-based API service. InfiSecure’s real-time bot protection platform analyzes every website request based on certain parameters and automates mitigation of fraudulent traffic.
Human/bot browses a website - Request reaches the Load balancer/server.
Server routes the request to the controller where the code will be processed to generate the user response.
Controller makes a synchronous API call to InfiSecure's service. InfiSecure returns a response telling in real-time if it is a genuine human or a bad bot trying to masquerade as a human.
You can automatically decide to monitor, throw a captcha, serve an alternate page or just block these bad bots as per your preference.
InfiSecure provides with two integration options:
Programming Languages APIs
Web Server Plugin
We are hosted on the best Cloud Infra Services – AWS, Google Cloud, and Microsoft Azure. We have our servers spread across the globe ensuring you get the best service possible.
InfiSecure pricing is based on the number of API calls / page requests made. It roughly translates to the number of page-views. This number will be more than the page views count shown in Google Analytics as Google Analytics doesn’t capture the number of page views made by bots.
Also, if InfiSecure API is called during AJAX calls, they are considered as additional page requests. Contact us to get a price quote.
Every web request that InfiSecure API receive would count as a page request. These requests can come from a bot or from human visitors.
If you cross the API limit, the additional API calls will be charged on pro-rata basis at the end of the billing cycle. The plan will be upgraded as per the API calls usage from the consecutive billing cycle.
We currently follow a yearly billing cycle. Payments have to be made in advance.
Yes. InfiSecure provides a fully-featured 15-day trial to get started so that you get visibility on the amount and impact of bot traffic on your website.
You can signup for free and try out the product. You do not need a credit card to sign up.
We accept payments through credit card and Stripe. We also accept payment via wire transfer.
We provide standard online support through email and website for all our plans. We also offer a premium support for enterprise customers where a dedicated account manager is assigned to the customer who is available 24*7 via email and phone.
Contacts us to know about our plans and support provided.
Bots are software applications that are written to perform specific tasks on the Internet, usually repetitive tasks that would be impossible or difficult for humans to perform with great speed.
All websites are visited by a range of visitors, both human and non-human. There are good bots and there are bad bods. The best known and usually welcomed good bots are search engine bots like Google Bot, Bing Bot etc, which index pages and content to improve SEO. These can be controlled using a robots.txt file. However, at times they can generate excess load on your servers because of over-crawling. They also have no concept of your peak times. This has the potential to either push your website offline or push your system into an unacceptable slowdown.
There is another class of non-human traffic that is not so benign – the bad bots. These bots are unlikely to be aiding your business and, unlike search bots, the data they scrape will likely not be used to drive business directly to your website. Unfortunately, there is nothing stopping anyone automating the activity of competitive price scraping, making account takeovers, buying of tickets for the purpose of reselling at inflated prices, or slowing down a competitor’s websites by setting up bots to simulate real users.
In general non-human traffic is on the rise across most industries. Across the various organizations who work with InfiSecure, between 50-70% of their total traffic is made up of non-human traffic.
With such huge numbers of non-human traffic, businesses need to be aware of how much non-human traffic (bot traffic) is hitting their websites and what that traffic is doing.
Cloud computing and open source software has enabled malicious competitors, hackers and resellers to rapidly and more frequently build bots to attack websites. These bots are becoming greater in volume and ever more sophisticated, with the capability to behave almost like human traffic. Such advanced persistent bots constitute around 80-90% of the total bad bot traffic.
Inhouse bot detection techniques mostly fail because of the rise of advanced persistent bots. Below is a table that depicts why inhouse bot detection techniques are ineffective.
Robots.txt is a protocol that prevents legitimate, cooperative bots from accessing certain pages of a site that is otherwise publicly accessible.
User agents may masquerade as a legitimate bot, when in reality they are not.
A list that permits certain IP addresses access to the site.
A list banning certain IP addresses from accessing a site.
A method to control the rate of site traffic.
“Completely Automated Public Turing test to tell Computers and Humans Apart”. As the acronymn states, CAPTCHA’s are intended to keep bots from scouring a site; however, OCR’s and CAPTCHA farms help bots pass the CAPTCHA’s. Even the advanced persistent bots can defeat CAPTCHA’s.
Sophisticated bots that mimic human behavior to evade detection are called advanced persistent bots. Such bots have the ability to maintain session and support cookies. They constantly rotate IPs to evade detection and hide behind anonymous and peer-to-peer proxies.
Automatic purchasing of products (aggressive purchase bots can cause severe performance issues during product launches)
Aggregation of content (your content can be passed off as someone else’s)
Competitor price analysis (competitors can use this data to undercut you)
Aggressive content crawling (aggressive crawlers can put strain on your web platform)